A global enterprise with a core strategy focused on acquiring smaller competitors enlists Edgescan to assess the security profile of new assets before they’re accepted into the corporate network.
About the Client
One of the largest clinical research organizations (CROs) in the world is engaged in a long-term growth strategy focused on acquiring other businesses in the sector. This presents a rolling series of challenges for the internal security team: “How do we know what state the IT assets are in without performing due diligence on them prior to acquisition?” For the team, penetration testing every IP range and application scheduled to enter the parent network after a firm’s acquisition was virtually impossible, and identifying all of these disparate assets and their owners to get visibility into their risk controls and metrics was in many cases unrealistic. So they called Edgescan.
About Edgescan
Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets across the globe for both enterprise and SME clients, helping them to continuously detect, prioritize, monitor, and fix security weaknesses for all web-facing and internal systems including web applications, websites, mobile apps, servers, firewalls, VPNs, or VoIP services. A team of analysts validates every vulnerability discovered on an assessment, creating a multi-step verification process for a solution that’s highly accurate and virtually free of false positives.
Onboarding
Edgescan swiftly and seamlessly integrated with the client’s information security apparatus to harden the attack surface of the core network. Next, when the client moves to make an acquisition, Edgescan onboards all assets associated with the target company—websites, mobile applications, VPNs and more—and begins the program of continuous attack surface management (ASM) for each asset before it enters the network.
Perimeter Defense
Edgescan provides authenticated assessment of attack-surface vulnerabilities on an ongoing basis for all web-facing assets under management. All of the vulnerabilities discovered are manually validated and risk-rated, helping the client focus on issues that pose priority risk. The client can channel this validated vulnerability intelligence into their own security systems through the Edgescan API and instantly operationalize it, using Edgescan’s insights to establish a more secure perimeter around their core network. When the client makes an acquisition, web-facing assets associated with it are scrutinized for risk and vulnerabilities while still outside the perimeter, before they’re accepted into the corporate network, in order to maintain the client’s overall security posture.
Outcome
Edgescan’s full-stack vulnerability management service has enabled the client to implement a defined and standardized process around accepting external assets into the secure network. This process has been streamlined and automated into the existing security ecosystem of the organization, saving time and money. In this case, Edgescan’s capabilities directly serve the major strategic goals of a global business, allowing leadership to execute a high-level tactical plan while maintaining full command of their web-facing security posture.